Random - Speaker Deck

Slide 1

Slide 1 text

Random

Slide 2

Slide 2 text

@DAGINGINGIN iPlayground 2018 會眾 iPlayground 2019 設計組組長 iPlayground 2020 講師劉家瑋-⼤軍

Slide 3

Slide 3 text

No content

Slide 4

Slide 4 text

What is Random?

Slide 5

Slide 5 text

No content

Slide 6

Slide 6 text

No content

Slide 7

Slide 7 text

No content

Slide 8

Slide 8 text

✌ ✊ 0~33 34~66 67~99

Slide 9

Slide 9 text

23 56 3 76 13 74 25 68 11 28 31 90 47 62 23 56 3 76 13 74 25 68 11 28 31 90 47 62

Slide 10

Slide 10 text

No content

Slide 11

Slide 11 text

No content

Slide 12

Slide 12 text

均勻性獨立性

Slide 13

Slide 13 text

頻數測試塊內頻數測試遊程測試塊內最長連續「1」測試矩陣秩的測試離散傅立葉變換測試非重疊模板匹配測試重疊模板匹配測試通⽤統計測試壓縮測試線性複雜度測試連續性測試近似熵測試部分和測試隨機漫步測試隨機漫步變量測試

Slide 14

Slide 14 text

True Pseudo

Slide 15

Slide 15 text

True Pseudo

Slide 16

Slide 16 text

亂數(Random number) 由 Seed 搭配演算法產出亂數(具有確定性): ● 偽亂數⽣產器 Pseudorandom number generator，簡稱 PRNG ● ⼜稱為定性隨機比特⽣成器Deterministic random bit generators (DRBGs) ● 密碼學安全偽亂數⽣成器 Cryptographically secure pseudorandom number generator，簡稱 CSPRNG 由物理世界的現象產出亂數(不具有確定性): ● 真亂數⽣成器 True random number generator，簡稱 TRNG ● ⼜稱為非定性隨機比特⽣成器 ● non-deterministic random bit generators (NRBGs)

Slide 17

Slide 17 text

atmospheric noise

Slide 18

Slide 18 text

TRNG PRNG 效率較低較⾼確定性非確定性確定性的週期性非週期性的週期性的

Slide 19

Slide 19 text

PHP rand() on Windows TRNG

Slide 20

Slide 20 text

線性同餘法 LCG，Linear Congruential Method m:Modulus a:Multiplier c:Increment X0:Seed X1 = a(X0 + c) mod m Lehmer 1988

Slide 21

Slide 21 text

( 5 + 3 ) x 8 % 1 1 = 9 ( 9 + 3 ) x 8 % 1 1 = 8 ( 8 + 3 ) x 8 % 1 1 = 0 ( 0 + 3 ) x 8 % 1 1 = 2 ( 2 + 3 ) x 8 % 1 1 = 7 ( 7 + 3 ) x 8 % 1 1 = 3

Slide 22

Slide 22 text

No content

Slide 23

Slide 23 text

PHP rand() on Windows TRNG

Slide 24

Slide 24 text

static unsigned long int next = 1; int myrand(void) /* RAND_MAX assumed to be 32767 */ { next = next * 1103515245 + 12345; return((unsigned int)(next/65536) % 32768); } void mysrand(unsigned int seed) { next = seed; }

Slide 25

Slide 25 text

No content

Slide 26

Slide 26 text

Blum Blum Shub (B.B.S.) Algorithm p ≡ q ≡ 3( mod 4) X0 = s2 mod n Xi = (Xi−1 )2 mod n Bi = Xi mod 2

Slide 27

Slide 27 text

在Swift 裡要⽤什麼產⽣Random Number?

Slide 28

Slide 28 text

Jens Persson

Slide 29

Slide 29 text

No content

Slide 30

Slide 30 text

Gamekit

Slide 31

Slide 31 text

Arc4random的歷史

Slide 32

Slide 32 text

These functions ﬁrst appeared in OpenBSD 2.1. The original version of this random number generator used the RC4 (also known as ARC4) algorithm. In OpenBSD 5.5 it was replaced with the ChaCha20 cipher, and it may be replaced again in the future as cryptographic techniques advance. A good mnemonic is “A Replacement Call for Random”.

Slide 33

Slide 33 text

Open BSD

Slide 34

Slide 34 text

"The next generation awesome random subsystem must be super, super secure, before we change 1 line of code to rely on it"

Slide 35

Slide 35 text

⼜快、⼜亂、⼜安全⼜線程安全、⼜跨平台

Slide 36

Slide 36 text

No content

Slide 37

Slide 37 text

RC4

Slide 38

Slide 38 text

Cryptographics

Slide 39

Slide 39 text

柯克霍夫原則 (Kerckhoffs’s principle) 即使演算法完全洩漏，只要⾦鑰沒有洩漏，密⽂就是安全的 • Claude Shannon: "the enemy knows the system" • Bruce Schneier: 任何以隱藏設計作為防護(Security through obscurity)的保安系統必然會失敗 • Kerckhoffs's principle 不是說密碼學演算法都必須公開，⽽是要確保即使公開也不會傷害安全性

Slide 40

Slide 40 text

key scheduling algorithm（KSA） Pseudo-Random Generation Algorithm(PRGA)

Slide 41

Slide 41 text

No content

Slide 42

Slide 42 text

No content

Slide 43

Slide 43 text

S box KSA 1 2 3 4 5 6 7 0 3 1 4 1 5 3 1 4 Key S-box i J 0 0 3 1 5 2 3 3 6 4 7 5 3 6 6 7 6 j=(j+S[i]+K[i]) % 8 S0 S1 S2 S3 S4 S5 S6 S7 j=(0+0+3)=3

Slide 44

Slide 44 text

S box KSA 1 2 3 4 5 6 7 0 3 1 4 1 5 3 1 4 Key S-box i J 0 0 3 1 5 2 3 3 6 4 7 5 3 6 6 7 6 S0 S1 S2 S3 S4 S5 S6 S7 j=(j+S[i]+K[i]) % 8 j=(3+1+1)%8=5

Slide 45

Slide 45 text

S box KSA 1 2 3 4 5 6 7 0 3 1 4 1 5 3 1 4 Key S-box i J 0 0 3 1 5 2 3 3 6 4 7 5 3 6 6 7 6 S0 S1 S2 S3 S4 S5 S6 S7 j=(j+S[i]+K[i]) % 8 j=(5+4+2)%8=3

Slide 46

Slide 46 text

S box KSA 1 2 3 4 5 6 7 0 3 1 4 1 5 3 1 4 Key S-box i J 0 0 3 1 5 2 3 3 6 4 7 5 3 6 6 7 6 S0 S1 S2 S3 S4 S5 S6 S7 j=(j+S[i]+K[i]) % 8 j=(3+1+2)%8=6

Slide 47

Slide 47 text

S box KSA 1 2 3 4 5 6 7 0 3 1 4 1 5 3 1 4 Key S-box i J 0 0 3 1 5 2 3 3 6 4 7 5 3 6 6 7 6 S0 S1 S2 S3 S4 S5 S6 S7 j=(j+S[i]+K[i]) % 8 j=(3+1+2)%8=6

Slide 48

Slide 48 text

S box KSA 1 2 3 4 5 6 7 0 3 1 4 1 5 3 1 4 Key S-box i J 0 0 3 1 5 2 3 3 6 4 7 5 3 6 6 7 6 S0 S1 S2 S3 S4 S5 S6 S7 j=(j+S[i]+K[i]) % 8 j=(7+1+3)%8=3

Slide 49

Slide 49 text

S box KSA 1 2 3 4 5 6 7 0 3 1 4 1 5 3 1 4 Key S-box i J 0 0 3 1 5 2 3 3 6 4 7 5 3 6 6 7 6 S0 S1 S2 S3 S4 S5 S6 S7 j=(j+S[i]+K[i]) % 8 j=(3+1+2)%8=6

Slide 50

Slide 50 text

S box KSA 1 2 3 4 5 6 7 0 3 1 4 1 5 3 1 4 Key S-box i J 0 0 3 1 5 2 3 3 6 4 7 5 3 6 6 7 6 S0 S1 S2 S3 S4 S5 S6 S7 j=(j+S[i]+K[i]) % 8 j=(3+1+2)%8=6

Slide 51

Slide 51 text

S box KSA 1 2 3 4 5 6 7 0 3 1 4 1 5 3 1 4 Key S-box i J 0 0 3 1 5 2 3 3 6 4 7 5 3 6 6 7 6 S0 S1 S2 S3 S4 S5 S6 S7

Slide 52

Slide 52 text

PRGA 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 i j t KStream 0 1 5 3 1 2 5 5 0 3 6 5 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 j=(j+S[I])% 8 t=(S[j]+S[I] )% 8 KS=S[t]

Slide 53

Slide 53 text

PT XOR KS -> CT CT XOR KS -> PT

Slide 54

Slide 54 text

RC4後被證實有許多缺陷

Slide 55

Slide 55 text

RC4算法 Chacha20算法 OpenBSD 5.5 arc4random

Slide 56

Slide 56 text

RC4算法 AES算法 macOS 10.12(Sierra) iOS10 （NIST-approved） arc4random

Slide 57

Slide 57 text

pctr — driver for CPU performance counters RDRAND —晶片上的硬體亂數⽣成器中取得亂數

Slide 58

Slide 58 text

NIST National Insitute of Standards and Technology

Slide 59

Slide 59 text

No content

Slide 60

Slide 60 text

Swift的基本庫沒有⾃⼰的Random Algorithm?

Slide 61

Slide 61 text

Swift Evolution

Slide 62

Slide 62 text

BCryptGenRandom() arc4random_buf() getrandom() dev/urandom()

Slide 63

Slide 63 text

Linux rand() vs urand()

Slide 64

Slide 64 text

Import Foundation? Arc4random()?rand()?srand()? 其實是import Darwin （Ｃ Api）

Slide 65

Slide 65 text

/// Platform Implementation of `SystemRandomNumberGenerator` /// ======================================================== /// /// While the system generator is automatically seeded and thread-safe on every /// platform, the cryptographic quality of the stream of random data produced by /// the generator may vary. For more detail, see the documentation for the APIs /// used by each platform. /// /// - Apple platforms use `arc4random_buf(3)`. /// - Linux platforms use `getrandom(2)` when available; otherwise, they read /// from `/dev/urandom`. /// - Windows uses `BCryptGenRandom`.

Slide 66

Slide 66 text

array.randomElement() CGFloat.random(in: 0...1) Int.random(in: -5...5) array.shufﬂe()